BIG-IP Terraform Resources
Terraform is an open source tool for provisioning and deployment of public and private cloud infrastructures. Terraform lets you to create, change and improve production infrastructure safely and predictably. Terraform use APIs abstraction through declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
Many of our customers who have deployments in AWS, Azure and GCP are using terraform in DevOps and CICD initiatives. As automation in the network is pivotal for DevOps success and as F5 plays an important role in our customers network, we have F5 provider plugin for terraform. Now, using Terraform, customers can deploy F5 BIG-IP in Public cloud using F5 BIG-IP YAML or JSON templates. The terraform F5 Provider repo is available for download at https://github.com/f5devcentral/terraform-provider-bigip repository
Once the infrastructure is deployed, using the F5 BIG-IP provider for terraform we can automate several F5 BIG-IP operational tasks as well. Besides application deployment, operational tasks like removing the servers from the F5 BIG-IP pool so that, the server apps can be updated with new software or the server operating system can be upgraded - all while avoiding outages or downtime etc. can be automated and run with Terraform. If such operational tasks are done manually its very much time consuming and error prone. Also imagine if you need to do hundreds of such changes more frequently.
Let us look at a simple operational use case: Here, the F5 BIG-IP device is configured using Terraform. Configuration file shows deploying Virtual server for App1 application, App1_Pool and Application Servers 11.1.1.101 & 11.1.1.102.
Virtual Server, Pool and nodes configured on BIG-IP
provider "bigip" {address = "10.192.74.73"username = "admin"password = "admin"}resource "bigip_ltm_pool" "App1_pool" {name = "/Common/App1_pool"load_balancing_mode = "round-robin"nodes = ["11.1.1.101:80","11.1.1.102:80"]monitors = ["/Common/App1_monitor"]allow_snat = true}resource "bigip_ltm_virtual_server" "App1_http" {pool = "/Common/App1_pool"name = "/Common/App1_http_vs"destination = "100.1.1.100"port = 80source_address_translation = "automap"depends_on = ["bigip_ltm_pool.App1_pool"]}
In the above configuration “bigip” highlighted is the F5 BIG-IP Provider which talks to the terraform software. The parameters for this provider are address (mgmt. of BIG-IP), username and password. You can also use token. Resources highlighted are BIG-IP resources for terraform to deploy Pool, nodes and Virtual Server for App1 application.To preview changes before applying the configuration command terraform plan is used as shown below.
terraform-provider-bigip shitole$ terraform plan+ bigip_ltm_pool.App1_poolallow_nat: "true"allow_snat: "true"load_balancing_mode: "round-robin"monitors.#: "1"monitors.1751784255: "/Common/App1_monitor"name: "/Common/App1_pool"nodes.#: "2"nodes.2872054492: "11.1.1.101:80"nodes.3112549682: "11.1.1.102:80"
+ bigip_ltm_virtual_server.App1_httpclient_profiles.#: "<computed>"destination: "100.1.1.100"ip_protocol: "<computed>"mask: "255.255.255.255"name: "/Common/App1_http_vs"pool: "/Common/App1_pool"port: "80"profiles.#: "<computed>"server_profiles.#: "<computed>"snatpool: "<computed>"source: "0.0.0.0/0"source_address_translation: "automap"Plan: 10 to add, 0 to change, 0 to destroy.
The above command will help us to see what configuration will be eventually applied to the F5 BIG-IP. You can use terraform apply command to manifest the configuration on BIG-IP as shown below.
terraform-provider-bigip shitole$ terraform applybigip_ltm_pool.App1_pool: Creating...allow_nat: "" => "true"allow_snat: "" => "true"load_balancing_mode: "" => "round-robin"monitors.#: "" => "1"monitors.1751784255: "" => "/Common/App1_monitor"name: "" => "/Common/App1_pool"nodes.#: "" => "2"nodes.2872054492: "" => "11.1.1.101:80"nodes.3112549682: "" => "11.1.1.102:80"bigip_ltm_pool.App1_pool: Creation complete
bigip_ltm_virtual_server.App1_http: Creating...client_profiles.#: "" => "<computed>"destination: "" => "100.1.1.100"ip_protocol: "" => "<computed>"mask: "" => "255.255.255.255"name: "" => "/Common/App1_http_vs"pool: "" => "/Common/App1_pool"port: "" => "80"profiles.#: "" => "<computed>"server_profiles.#: "" => "<computed>"snatpool: "" => "<computed>"source: "" => "0.0.0.0/0"source_address_translation: "" => "automap"bigip_ltm_virtual_server.App1_http: Creation completeThe above terraform apply command creates Virtual server, Pool and adds 2 nodes to the Pool.Apply complete! Resources: 10 added, 0 changed, 0 destroyed.
Server Node 11.1.1.101 is taken down for Maintenance
In order to remove the server 11.1.1.101 for maintenance we have to change the configuration file as shown below. You can see the node 11.1.1.101 is removed from the pool resource. The above TF file changes are made to the bigip_ltm_pool resource
resource "bigip_ltm_pool" "App1_pool" {name = "/Common/App1_pool"load_balancing_mode = "round-robin"nodes = ["11.1.1.102:80"] node 11.1.1.101 is removedmonitors = ["/Common/App1_monitor"]allow_snat = truedepends_on = ["bigip_ltm_provision.provision-afm"]}
When terraform plan is executed you can see that server 11.1.1.101 is removed in the plan as shown below
terraform-provider-bigip shitole$ terraform plan~ bigip_ltm_pool.App1_poolnodes.#: "2" => "1"nodes.2872054492: "11.1.1.101:80" => ""nodes.3112549682: "11.1.1.102:80" => "11.1.1.102:80"~ bigip_ltm_virtual_server.App1_httppool: "App1_pool" => "/Common/App1_pool"Plan: 0 to add, 2 to change, 0 to destroy.terraform-provider-bigip shitole$ terraform applybigip_ltm_monitor.App1_monitor: Refreshing state... (ID: /Common/App1_monitor)bigip_ltm_pool.App1_pool: Refreshing state... (ID: /Common/App1_pool)bigip_ltm_virtual_server.App1_http: Refreshing state... (ID: /Common/App1_http_vs)bigip_ltm_pool.App1_pool: Modifying...nodes.#: "2" => "1"nodes.2872054492: "11.1.1.101:80" => ""nodes.3112549682: "11.1.1.102:80" => "11.1.1.102:80"bigip_ltm_pool.App1_pool: Modifications completebigip_ltm_virtual_server.App1_http: Modifying...pool: "App1_pool" => "/Common/App1_pool"bigip_ltm_virtual_server.App1_http: Modifications completeApply complete! Resources: 0 added, 2 changed, 0 destroyed.
Above you can see that nodes have been reduced from 2 to 1. Now server 11.1.1.101 can be upgraded with new OS or CPU, RAM can be upgraded as per needs without affecting the live application traffic. Also, when the upgrade is done, the server 11.1.1.101 can be added back into the configuration file for a seamless operation.
Removal of residual Virtual Servers and Pools:
Another very important operation is to remove unwanted VIPs and Pools. When some of the Apps are retired we no longer need the configuration for VIPs, Pools and nodes on the F5 BIG-IP. Using F5 BIG-IP resources for terraform we can easily manage this kind for operation in a scaled environment without errors and do this in seconds instead of spending weeks when done manually. Also, code can be shared among various team members before committing the changes. Below is an example of such operation.
$ terraform destroy -target=bigip_ltm_virtual_server.App1_httpDo you really want to destroy?Terraform will delete the following infrastructure:bigip_ltm_virtual_server.App1_httpThere is no undo. Only 'yes' will be accepted to confirmEnter a value: yesbigip_ltm_virtual_server.App1_http: Refreshing state... (ID: /Common/App1_http_vs)bigip_ltm_virtual_server.App1_http: Destroying...bigip_ltm_virtual_server.App1_http: Destruction completeDestroy complete! Resources: 1 destroyed.
Organizations of all sizes are adopting cloud for application workloads. These organizations are looking to avoid the costs of running and managing their data centers or, more often, to accelerate the application delivery process. Using cloud enables development teams to operate with a much greater degree of independence from the underlying operational constraints of infrastructure. That’s where F5 BIG-IP terraform resources will help organization to adopt agile methods. A complete list of F5 BIG-IP terraform resources can be found at https://github.com/f5devcentral/terraform-provider-bigip.
Updated Jun 06, 2023
Version 2.0
Sanjay_Shitole
Employee
Employee
2funky_105078Cirrus
terraform can deploy LTM or also APM/ASM resources?
glowplug_278897Nimbostratus
The readme on GitHub mentions validated with BigIP v12.1.1, is there a roadmap for 13.x?
thanks!
thennessey_2290I am having problems creating the nodes with Terraform. bigip_ltm_node.node: Found unexpected json pair at configuration item /ltm/node/~Common~terraform1. The json pair is "fqdn":{}. This fqdn argument is not working and can't be omitted. I also see no examples of people creating nodes with Terraform, just attaching them. Does this work? Thanks!
- Sanjay_Shitole
Please look at https://www.terraform.io/docs/providers/bigip/ for latest documentation.
- thennessey_2290
That's where I got it from. I am on F5 v 11.
- Sanjay_Shitole
Only v12.X onwards is tested and supported as mentioned in the requirements at https://www.terraform.io/docs/providers/bigip/
- thennessey_2290
Yep. Just wondering if anybody got it to work on v11. Doesn't sound like it. Thanks.
- Raj_Jeyasekar
Hello, Is there a BIG-IP Terraform provider that supports AS3?
- Sanjay_Shitole
Hi Jey,
We just committed the code for as3 resource should be available in the next release within 2 - 3 days time.
- Laul
Is it possible at this time to use count with the BIG-IP provider? or modules?
This is the only way to manage multiple BIG-IPs with ease.. Using alias or any other workarounds is simply not sufficient.
